Image Processing for Detecting Botnet Attacks: A Novel Approach for Flexibility and Scalability

Aurelien Agniel, David Arnold, J. Saniie
2022 IEEE International Conference and Expo on Real Time Communications at IIT (RTC)
Publication date: 2022-10-10
DOI: 10.1109/RTC56148.2022.9945055 (https://doi.org/10.1109/RTC56148.2022.9945055)
Citations: 2

Abstract

Continued adoption of the Internet of Things (IoT) redefines the paradigm of network architectures. Historically, network architectures relied on centralized resources and data centers. The introduction of the IoT challenges this notion by placing computing resources and observation at the edge of the network. As a result, decentralized approaches for information processing and gathering can be adopted and explored. However, this shift greatly expands the network footprint and shifts traffic away from the center of the network, where observation and cybersecurity monitoring tools are frequently located. Further, IoT devices are often computationally constrained, limiting their readiness to deal with cyber-threats. These security vulnerabilities make the IoT an easy target for hacking groups and lead to the proliferation of zombie networks of compromised devices. Frequently, zombie networks, otherwise known as botnets, are coordinated to attack targets and overload network resources through a Distributed Denial of Service (DDoS) attack. In order to crack down on these botnets, it is essential to develop new methods for quickly and efficiently detecting botnet activity. This study proposes a novel botnet detection technique that first pre-processes network data through computer vision and image processing. The processed dataset is then sent to a neural network for final classification. Two neural networks will be explored, a sequential model and an auto-encoder model. The application of image processing has two advantages over current methods. First, the image processing is simple enough to be completed at the edge of the network by the IoT devices. Second, preprocessing the data allows us to use a shallower network, decreasing detection time further. We will utilize the N-BaIoT dataset and compare our findings to their results.